Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36946

5.4MEDIUM

Key Information:

Vendor

Microsoft
Status
Microsoft Dynamics Nav 2017
Microsoft Dynamics Nav 2018
Dynamics 365 Business Central Spring 2019 Update
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9
Vendor
CVE Published:
12 August 2021

What is CVE-2021-36946?

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

Affected Version(s)

Dynamics 365 Business Central Spring 2019 Update Unknown 14.0.0

Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15 Unknown 16.0

Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9 Unknown 17.0

References

https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.